“Cyber-Mercenaries” Target Tech Cos

Security analysts at Kaspersky Lab have reported the discovery of “Icefog”, an APT group targeting companies in South Korea and Japan, which is ultimately hitting Western supply chains. Many sinkhole connections were also observed in Australia.

Cyber-mercenaries for hire have now emerged – smaller hit-and-run gangs that “go after information with surgical precision”, the security experts have warned.

The attackers are targeting the tech industry in particular: computer and software development, telecom and satellite operators and mass media, including Korea Telecom and Fuji TV.

The end result is hitting Western companies’ supply chains.

Military, shipbuilding and maritime operations are also under attack.

The attackers hijack sensitive documents and company plans, e-mail account credentials, and passwords to access various resources within and outside the corporate victim’s network.

Such cyber attacks usually last for a few days or weeks, after which the gangs clean up and leave without a trace.

Those cyber mercenaries are thought to be based in China, South Korea and Japan.

Kaspersky researchers have sinkholed 13 of the 70+ domains used by the attackers, and observed more than 4,000 unique infected IPs and several hundred victims (a few dozen Windows victims and more than 350 Mac OS X victims).

The ‘Icefog’ command and control servers maintain encrypted logs of their victims together with the various operations performed on them.

Andrew Mamonitis, Kaspersky Lab ANZ’s Managing Director, says cyber networks often exploit the most vulnerable entry points by using corporate networks as a platform from which to access other channels.

In most cases, auxiliary companies have more relaxed security parameters in place despite holding valuable data about the parent target.

It is these secondary business service providers across the corporate chain which are most vulnerable to external breaches.

In the future, the number of small, focused ‘APT-to-hire’ groups specialising in hit-and-run operations is set to grow.